ConcourseSuite Support

Support
Corporate
PUBLIC PROFILE

isRecordAccessPermitted(context, db, int)

This is a wrapper method that checks record permissions for a user. It checks

  • Permissions on the record for portal users (a capability available to account contacts) as they are restricted to only view or add certain information about the account for which they are a contact.
  • Permissions for users who may belong to a division or site. Such users are restricted to access information from their site only. A user who is not assigned a site (i.e., -1) has access data from all sites. This method is used when there exists a relationship between an Organization record(which has a siteId) and the record (which may not have a siteId) for which permissions need to be checked.
  protected static boolean isRecordAccessPermitted(ActionContext context, Connection db, int tmpOrgId) throws SQLException {
    if (isPortalUser(context)) {
      if (tmpOrgId == getPortalUserPermittedOrgId(context)) {
        return true;
      } else {
        return false;
      }
    } else {
      if ((UserUtils.getUserSiteId(context.getRequest())) != -1) {
        int orgSiteId = Organization.getOrganizationSiteId(db, tmpOrgId);
        if (orgSiteId == UserUtils.getUserSiteId(context.getRequest())) {
          return true;
        } else {
          return false;
        }
      } else {
        // has permission to view records of all sites
        return true;
      }
    }
  }

Sign in to add your comment.